mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-18 10:34:19 +00:00

Initialised Mbedtls PSA crypto during Crypto init using function call 'psa_crypto_init'. MbedTLS currently requires a Random Number Generator (RNG) once PSA Crypto support is enabled. However, TF-A itself doesn't engage in cryptographic operations that demand randomness. Consequently, we simulate the presence of an external TRNG (through the configuration option 'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG') while, in reality, we offer a dummy implementation of mbedtls_psa_external_get_random() that always returns an error.

Change-Id: Ife6d03909c0e6081438d2b2519ef500e5dcdb88f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
28 lines
861 B
C
/*
 * Copyright (c) 2023, Arm Ltd. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#ifndef PSA_MBEDTLS_CONFIG_H
#define PSA_MBEDTLS_CONFIG_H

#include "mbedtls_config-3.h"

#define MBEDTLS_PSA_CRYPTO_C

/*
 * Using PSA crypto API requires an RNG right now. If we don't define the macro
 * below then we get build errors.
 *
 * This is a functionality gap in mbedTLS. The technical limitation is that
 * psa_crypto_init() is all-or-nothing, and fixing that would require separate
 * initialization of the keystore, the RNG, etc.
 *
 * By defining MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG, we pretend using an external
 * RNG. As a result, the PSA crypto init code does nothing when it comes to
 * initializing the RNG, as we are supposed to take care of that ourselves.
 */
#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG

#endif /* PSA_MBEDTLS_CONFIG_H */
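The commit message describes a dummy mbedtls_psa_external_get_random() that always returns an error. The sketch below is an added example, not TF-A's or Mbed TLS's own code: it shows such a hook and a caller that fails closed when the hook refuses to deliver randomness. The typedefs and status values are stand-ins for the PSA headers so the block builds on its own; the choice of PSA_ERROR_INSUFFICIENT_ENTROPY and the example_* helpers are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins for the Mbed TLS / PSA headers so the example builds alone. */
typedef int32_t psa_status_t;
#define PSA_SUCCESS ((psa_status_t)0)
#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148)
typedef struct { int unused; } mbedtls_psa_external_random_context_t;

/* Dummy hook: never yields data. The specific error code is an assumption;
 * the commit message only says the function always returns an error. */
psa_status_t mbedtls_psa_external_get_random(
	mbedtls_psa_external_random_context_t *context,
	uint8_t *output, size_t output_size, size_t *output_length)
{
	(void)context; (void)output; (void)output_size;
	*output_length = 0; /* report zero bytes produced */
	return PSA_ERROR_INSUFFICIENT_ENTROPY;
}

/* Hypothetical consumer: accepts the buffer only on a full, successful
 * read; otherwise wipes it and propagates the failure. */
psa_status_t example_get_nonce(uint8_t *nonce, size_t len)
{
	size_t got = 0;
	psa_status_t st = mbedtls_psa_external_get_random(NULL, nonce, len, &got);

	if (st == PSA_SUCCESS && got != len)
		st = PSA_ERROR_INSUFFICIENT_ENTROPY; /* short read is a failure too */
	if (st != PSA_SUCCESS)
		memset(nonce, 0, len); /* never hand back stale memory as "random" */
	return st;
}

/* Returns 1 if the random path fails closed, 0 otherwise. */
int example_fails_closed(void)
{
	uint8_t nonce[16];

	memset(nonce, 0xA5, sizeof(nonce)); /* constructed canary pattern */
	if (example_get_nonce(nonce, sizeof(nonce)) == PSA_SUCCESS)
		return 0;
	for (size_t i = 0; i < sizeof(nonce); i++)
		if (nonce[i] != 0)
			return 0;
	return 1;
}
```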